A number of fields of endeavor are relevant to the present invention, and exemplary prior art, incorporated herein by reference, are disclosed below. The references disclosed provide a skilled artisan with embodiments of elements of the present invention, and the teachings therein may be combined and subcombined in various manners in accordance with the present teachings. The topical headings are advisory only, and are not intended to limit the applicability of any reference. While some embodiments are discussed as being preferred, it should be understood that all embodiments discussed, in any portion of this documents, whether stated as having advantages or not, form a part of the invention and may be combined and/or subcombined in a consistent manner in accordance with the teachings hereof.
Internet
The Internet is structured such various networks are interconnected, with communications effected by addressed packets conforming to a common protocol. Based on the packet addressing, information is routed from source to destination, often through a set of networks having multiple potential pathways. The communications medium is shared between all users. Statistically, some proportion of the packets are extraordinarily delayed, or simply lost. Therefore, protocols involving communications using these packets include error detection schemes that request a retransmit of required data not received within a time window. In the even that the network nears capacity or is otherwise subject to limiting constraint, the incidence of delayed or lost packets increases, thereby increasing requests for retransmission and retransmission. Therefore, as the network approaches available bandwidth, the load increases, ultimately leading to failure. In instances where a minimum quality of service must be guaranteed, special Internet technologies are required, to reserve bandwidth or to specify network pathways. End-to-end quality of service guarantees, however, may exceed the cost of circuit switched technologies, such as dialup modems, especially where the high quality needs are intermittent.
Internet usage typically involves an Internet server, an automated system capable of responding to communications received through the Internet, and often communicating with other systems not directly connected to the Internet. The server typically has relatively large bandwidth to the Internet, allowing multiple simultaneous communications sessions, and usually supports the hypertext transport protocol (HTTP), which provides, in conjunction with a so-called web browser on a remote client system, a human readable interface which facilitates navigation of various resources available in the Internet. The client systems are typically human user interfaces, which employ a browser to display HTTP “web pages”. The browser typically does not provide intelligence. Bandwidth between the client and Internet is typically relatively small, and various communications and display rendering considered normal. Typically, both client and server are connected to the Internet through Internet service providers, each having its own router.
It is also known to provide so-called proxy servers and firewalls, which are automated systems that insulate the client system from the Internet. Further, so-called Internet applications and applets are known which provide local intelligence at the client system. Further, it is known to provide a local server within the client system for locally processing a portion of the information. These local servers, applications and applets are non-standard, and thus require special software to be available locally for execution.
Thus, the Internet poses a number of advantages for commercial use, including low cost and ubiquitous connectivity. Therefore, it is desirable to employ standard Internet technologies while achieving sufficient quality communications to effect an efficient transaction.
Market Economy Systems
In modern retail transactions, predetermined price transactions are common, with market transactions, i.e., commerce conducted in a setting which allows the transaction price to float based on the respective valuation allocated by the buyer(s) and seller(s), often left to specialized fields. While interpersonal negotiation is often used to set a transfer price, this price is often different from a transfer price that might result from a best-efforts attempt at establishing a market price. Assuming that the market price is optimal, it is therefore assumed that alternatives are sub optimal. Therefore, the establishment of a market price is desirable over simple negotiations.
One particular problem with market-based commerce is that both seller optimization and market efficiency depend on the fact that representative participants of a preselected class are invited to participate, and are able to promptly communicate, on a relevant timescale, in order to accurately value the goods or services and make an offer. Thus, in traditional market-based system, all participants are in the same room, or connected by a high quality telecommunications link. Alternately, the market valuation process is prolonged over an extended period, allowing non-real time communications of market information and bids. Thus, attempts at ascertaining a market price for non-commodity goods can be subject to substantial inefficiencies, which reduce any potential gains by market pricing. Further, while market pricing might be considered “fair”, it also imposes an element of risk, reducing the ability of parties to predict future pricing and revenues. Addressing this risk may also reduce efficiency of a market-based system.
Auction Systems
When a single party seeks to sell goods to the highest valued purchaser(s), to establish a market price, the rules of conduct typically define an auction. Typically, known auctions provide an ascending price or descending price over time, with bidders making offers or ceasing to make offers, in the descending price or ascending price models, respectively, to define the market price. After determining the winner of the auction, the pricing rules define uniform price auctions, wherein all successful bidders pay the lowest successful bid, second price auctions wherein the winning bidder pays the amount bid by the next highest bidder, and pay-what-you-bid auctions. The pay-what-you-bid auction is also known as a discriminative auction while the uniform price auction is known as a non-discriminative auction. In a second-price auction, also known as a Vickrey auction, the policy seeks to create a disincentive for speculation and to encourage bidders to submit bids reflecting their true value for the good. In the uniform price and second price schemes, the bidder is encourages to disclose the actual private value to the bidder of the good or service, since at any price below this amount, there is an excess gain to the buyer, whereas by withholding this amount the bid may be unsuccessful, resulting in a loss of the presumably desirable opportunity. In the pay-what-you-bid auction, on the other hand, the buyer need not disclose the maximum private valuation, and those bidders with lower risk tolerance will bid higher prices. See, www.isoc.org/inet98/proceedings/3b/3b_3.html; www.ibm.com/iac/reports-technical/reports-bus-neg-internet.html.
Two common types of auction are the English auction, which sells a single good to the highest bidder in an ascending price auction, and the Dutch auction, in which multiple units are available for sale, and in which a starting price is selected by the auctioneer, which is successively reduced, until the supply is exhausted by bidders (or the minimum price/final time is reached), with the buyer(s) paying the lowest successful bid. The term Dutch auction is also applied to a type of sealed bid auction. In a multi-unit live Dutch auction, each participant is provided with the current price, the quantity on hand and the time remaining in the auction. This type of auction, typically takes place over a very short period of time and there is a flurry of activity in the last portion of the auction process. The actual auction terminates when there is no more product to be sold or the time period expires.
In selecting the optimal type of auction, a number of factors are considered. In order to sell large quantities of a perishable commodity in a short period of time, the descending price auctions are often preferred. For example, the produce and flower markets in Holland routinely use the Dutch auction (hence the derivation of the name), while the U.S. Government uses this form to sell its financial instruments. The format of a traditional Dutch auction encourages early bidders to bid up to their “private value”, hoping to pay some price below the “private value”. In making a bid, the “private value” becomes known, helping to establish a published market value and demand curve for the goods, thus allowing both buyers and sellers to define strategies for future auctions.
In an auction, typically a seller retains an auctioneer to conduct an auction with multiple buyers. (In a reverse auction, a buyer solicits the lowest price from multiple competing vendors for a desired purchase). Since the seller retains the auctioneer, the seller essentially defines the rules of the auction. These rules are typically defined to maximize the revenues or profit to the seller, while providing an inviting forum to encourage a maximum number of high valued buyers. If the rules discourage high valuations of the goods or services, or discourage participation by an important set of potential bidders, then the rules are not optimum. A rule may also be imposed to account for the valuation of the good or service applied by the seller, in the form of a reserve price. It is noted that these rules typically seek to allocate to the seller a portion of the economic benefit that would normally inure to the buyer, creating an economic inefficiency. However, since the auction is to benefit the seller, not society as a whole, this potential inefficiency is tolerated. An optimum auction thus seeks to produce a maximum profit (or net revenues) for the seller. An efficient auction, on the other hand, maximizes the sum of the utilities for the buyer and seller. It remains a subject of academic debate as to which auction rules are most optimum in given circumstances; however, in practice, simplicity of implementation may be a paramount concern, and simple auctions may result in highest revenues; complex auctions, while theoretically more optimal, may discourage bidders from participating or from applying their true and full private valuation in the auction process.
Typically, the rules of the auction are predefined and invariant. Further, for a number of reasons, auctions typically apply the same rules to all bidders, even though, with a priori knowledge of the private values assigned by each bidder to the goods, or a prediction of the private value, an optimization rule may be applied to extract the full value assigned by each bidder, while selling above the sellers reserve.
In a known ascending price auction, each participant must be made aware of the status of the auction, e.g., open, closed, and the contemporaneous price. A bid is indicated by the identification of the bidder at the contemporaneous price, or occasionally at any price above the minimum bid increment plus the previous price. The bids are asynchronous, and therefore each bidder must be immediately informed of the particulars of each bid by other bidders.
In a known descending price auction, the process traditionally entails a common clock, which corresponds to a decrementing price at each decrement interval, with an ending time (and price). Therefore, once each participant is made aware of the auction parameters, e.g., starting price, price decrement, ending price/time, before the start of the auction, the only information that must be transmitted is auction status (e.g., inventory remaining).
As stated above, an auction is traditionally considered an efficient manner of liquidating goods at a market price. The theory of an auction is that either the buyer will not resell, and thus has an internal or private valuation of the goods regardless of other's perceived values, or that the winner will resell, either to gain economic efficiency or as a part of the buyers regular business. In the later case, it is a general presumption that the resale buyers are not in attendance at the auction or are otherwise precluded from bidding, and therefore that, after the auction, there will remain demand for the goods at a price in excess of the price paid during the auction. Extinction of this residual demand results in the so-called “winner's curse”, in which the buyer can make no profit from the transaction during the auction. Since this detracts from the value of the auction as a means of conducting profitable commerce, it is of concern to both buyer and seller. In fact, experience with initial public offerings (IPOs) of stock through various means has demonstrated that by making stock available directly to all classes of potential purchasers, latent demand for a new issue is extinguished, and the stock price is likely to decline after issuance, resulting in an IPO which is characterized as “unsuccessful”. This potential for post IPO decline tempers even initial interest in the issue, resulting in a paradoxical decline in revenues from the vehicle. In other words, the “money on the table” resulting from immediate retrading of IPO shares is deemed a required aspect of the IPO process. Thus, methods that retain latent demand after IPO shares result in post IPO increases, and therefore a “successful” IPO. Therefore, where the transaction scheme anticipates demand for resale after the initial distribution, it is often important to assure a reasonable margin for resellers and limitations on direct sale to ultimate consumers.
Research into auction theory (game theory) shows that in an auction, the goal of the seller is to optimize the auction by allocating the goods inefficiently, and thus to appropriate to himself an excess gain. This inefficiency manifests itself by either withholding goods from the market or placing the goods in the wrong hands. In order to assure for the seller a maximum gain from a misallocation of the goods, restrictions on resale are imposed; otherwise, post auction trading will tend to undue the misallocation, and the anticipation of this trading will tend to control the auction pricing. The misallocation of goods imposed by the seller through restrictions allow the seller to achieve greater revenues than if free resale were permitted. It is believed that in an auction followed by perfect resale, that any mis-assignment of the goods lowers the seller's revenues below the optimum and likewise, in an auction market followed by perfect resale, it is optimal for the seller to allocate the goods to those with the highest value. Therefore, if post-auction trading is permitted, the seller will not benefit from these later gains, and the seller will obtain sub optimal revenues.
These studies, however, typically do not consider transaction costs and internal inefficiencies of the resellers, as well as the possibility of multiple classes of purchasers, or even multiple channels of distribution, which may be subject to varying controls or restrictions, and thus in a real market, such theoretical optimal allocation is unlikely. In fact, in real markets the transaction costs involved in transfer of ownership are often critical in determining a method of sale and distribution of goods. For example, it is the efficiency of sale that motivates the auction in the first place. Yet, the auction process itself may consume a substantial margin, for example 1-15% of the transaction value. To presume, even without externally imposed restrictions on resale, that all of the efficiencies of the market may be extracted by free reallocation, ignores that the motivation of the buyer is a profitable transaction, and the buyer may have fixed and variable costs on the order of magnitude of the margin. Thus, there are substantial opportunities for the seller to gain enhanced revenues by defining rules of the auction, strategically allocating inventory amount and setting reserve pricing.
Therefore, perfect resale is but a fiction created in auction (game) theory. Given this deviation from the ideal presumptions, auction theory may be interpreted to provide the seller with a motivation to misallocate or withhold based on the deviation of practice from theory, likely based on the respective transaction costs, seller's utility of the goods, and other factors not considered by the simple analyses.
A number of proposals have been made for effecting auction systems using the Internet. These systems include consumer-to-consumer, business-to-consumer, and business-to-business types. Generally, these auctions, of various types and implementations discussed further below, are conducted through Internet browsers using hypertext markup language (HTML) “web pages”, using HTTP. In some instances, such as BIDWATCH, discussed further below, an application with associated applets is provided to define a user interface instead of HTML.
As stated above, the information packets from the transaction server to client systems associated with respective bidders communicate various information regarding the status of an interactive auction during the progress thereof. The network traffic from the client systems to the transaction server is often limited to the placement of bids; however, the amount of information required to be transmitted can vary greatly, and may involve a complex dialogue of communications to complete the auction offer. Typically, Internet based auction systems have scalability issues, wherein economies of scale are not completely apparent, leading to implementation of relatively large transaction server systems to handle peak loads. When the processing power of the transaction server system is exceeded, entire system outages may occur, resulting in lost sales or diminished profits, and diminished goodwill.
In most Internet auction system implementations, there are a large quantity of simultaneous auctions, with each auction accepting tens or hundreds of bids over a timescale of hours to days. In systems where the transaction volume exceeds these scales, for example in stock and commodity exchanges, which can accommodate large numbers of transactions per second involving the same issue, a private network, or even a local area network, is employed, and the public Internet is not used as a direct communications system with the transaction server. Thus, while infrastructures are available to allow successful handling of massive transaction per second volumes, these systems typically avoid direct public Internet communications or use of some of its limiting technologies. The transaction processing limitations are often due to the finite time required to handle, e.g., open, update, and close, database records.
In business-to-business auctions, buyers seek to ensure that the population of ultimate consumers for the good or services are not present at the auction, in order to avoid the “winner's curse”, where the highest bidder in the auction cannot liquidate or work the asset at a profit. Thus, business-to-business auctions are distinct from business-to-consumer auctions. In the former, the optimization by the seller must account for the desire or directive of the seller to avoid direct retail distribution, and instead to rely on a distribution tier represented in the auction. In the latter, the seller seeks maximum revenues and to exhaust the possibilities for downstream trade in the goods or services. In fact, these types of auctions may be distinguished by various implementing rules, such as requiring sales tax resale certificates, minimum lot size quantities, preregistration or qualification, support or associated services, or limitations on the title to the goods themselves. The conduct of these auctions may also differ, in that consumer involvement typically is permissive of mistake or indecision, while in a pure business environment professionalism and decisiveness are mandated.
In many instances, psychology plays an important role in the conduct of the auction. In a live auction, bidders can see each other, and judge the tempo of the auction. In addition, multiple auctions are often conducted sequentially, so that each bidder can begin to understand the other bidder's patterns, including hesitation, bluffing, facial gestures or mannerisms. Thus, bidders often prefer live auctions to remote or automated auctions if the bidding is to be conducted strategically.
Internet Auctions
On-line electronic auction systems which allow efficient sales of products and services are well known, for example, EBAY.COM, ONSALE.COM, UBID.COM, and the like. Inverse auctions that allow efficient purchases of product are also known, establishing a market price by competition between sellers. The Internet holds the promise of further improving efficiency of auctions by reducing transaction costs and freeing the “same time-same place” limitations of traditional auctions. This is especially appropriate where the goods may be adequately described by text or images, and thus a physical examination of the goods is not required prior to bidding.
In existing Internet systems, the technological focus has been in providing an auction system that, over the course of hours to days, allow a large number of simultaneous auctions, between a large number of bidders to occur. These systems must be scalable and have high transaction throughput, while assuring database consistency and overall system reliability. Even so, certain users may selectively exploit known technological limitations and artifacts of the auction system, including non-real time updating of bidding information, especially in the final stages of an auction.
Because of existing bandwidth and technological hurdles, Internet auctions are quite different from live auctions with respect to psychological factors. Live auctions are often monitored closely by bidders, who strategically make bids, based not only on the “value” of the goods, but also on an assessment of the competition, timing, psychology, and progress of the auction. It is for this reason that so-called proxy bidding, wherein the bidder creates a preprogrammed “strategy”, usually limited to a maximum price, are disfavored. A maximum price proxy bidding system is somewhat inefficient, in that other bidders may test the proxy, seeking to increase the bid price, without actually intending to purchase, or contrarily, after testing the proxy, a bidder might give up, even below a price he might have been willing to pay. Thus, the proxy imposes inefficiency in the system that effectively increases the transaction cost.
In order to address a flurry of activity that often occurs at the end of an auction, an auction may be held open until no further bids are cleared for a period of time, even if advertised to end at a certain time. This is common to both live and automated auctions. However, this lack of determinism may upset coordinated schedules, thus impairing efficient business use of the auction system.
In order to facilitate management of bids and bidding, some of the Internet auction sites have provided non-Hypertext Markup Language (HTML) browser based software “applet” to track auctions. For example, ONSALE.COM has made available a Marimba Castanet® applet called Bidwatch to track auction progress for particular items or classes of items, and to facilitate bidding thereon. This system, however, lacks real-time performance under many circumstances, having a stated refresh period of 10 seconds, with a long latency for confirmation of a bid, due to constraints on software execution, quality of service in communications streams, and bid confirmation dialogue. Thus, it is possible to lose a bid even if an attempt was made prior to another bidder. The need to quickly enter the bid, at risk of being too late, makes the process potentially error prone.
Proxy bidding, as discussed above, is a known technique for overcoming the constraints of Internet communications and client processing limitations, since it bypasses the client and telecommunications links and may execute solely on the host system or local thereto. However, proxy bidding undermines some of the efficiencies gained by a live market.
U.S. Pat. No. 5,890,138 to Godin, et al. (Mar. 30, 1999), expressly incorporated herein by reference in its entirety, relates to an Internet auction system. The system implements a declining price auction process, removing a user from the auction process once an indication to purchase has been received. See, Rockoff, T. E., Groves, M.; “Design of an Internet-based System for Remote Dutch Auctions”, Internet Research, v 5, n 4, pp. 10-16, MCB University Press, Jan. 1, 1995.
A known computer site for auctioning a product on-line comprises at least one web server computer designed for serving a host of computer browsers and providing the browsers with the capability to participate in various auctions, where each auction is of a single product, at a specified time, with a specified number of the product available for sale. The web server cooperates with a separate database computer, separated from the web server computer by a firewall. The database computer is accessible to the web computer server computer to allow selective retrieval of product information, which includes a product description, the quantity of the product to be auctioned, a start price of the product, and an image of the product. The web server computer displays, updated during an auction, the current price of the product, the quantity of the product remaining available for purchase and the measure of the time remaining in the auction. The current price is decreased in a predetermined manner during the auction. Each user is provided with an input instructing the system to purchase the product at a displayed current price, transmitting an identification and required financial authorization for the purchase of the product, which must be confirmed within a predetermined time. In the known system, a certain fall-out rate in the actual purchase confirmation may be assumed, and therefore some overselling allowed. Further, after a purchase is indicate, the user's screen is not updated, obscuring the ultimate lowest selling price from the user. However, if the user maintains a second browser, he can continue to monitor the auction to determine whether the product could have been purchased at a lower price, and if so, fail to confirm the committed purchase and purchase the same goods at a lower price while reserving the goods to avoid risk of loss. Thus, the system is flawed, and may fail to produce an efficient transaction or optimal price.
An Internet declining price auction system may provide the ability to track the price demand curve, providing valuable marketing information. For example, in trying to determine the response at different prices, companies normally have to conduct market surveys. In contrast, with a declining price auction, substantial information regarding price and demand is immediately known. The relationship between participating bidders and average purchasers can then be applied to provide a conventional price demand curve for the particular product.
U.S. Pat. No. 5,835,896, Fisher, et al., issued Nov. 10, 1998, expressly incorporated herein by reference in its entirety, provides method and system for processing and transmitting electronic auction information over the Internet, between a central transaction server system and remote bidder terminals. Those bids are recorded by the system and the bidders are updated with the current auction status information. When appropriate, the system closes the auction from further bidding and notifies the winning bidders and losers as to the auction outcome. The transaction server posts information from a database describing a lot available for purchase, receives a plurality of bids, stored in a bid database, in response to the information, and automatically categorizes the bids as successful or unsuccessful. Each bid is validated, and an electronic mail message is sent informing the bidder of the bid status. This system employs HTTP, and thus does not automatically update remote terminal screens, requiring the e-mail notification feature.
The auction rules may be flexible, for example including Dutch-type auctions, for example by implementing a price markdown feature with scheduled price adjustments, and English-type (progressive) auctions, with price increases corresponding to successively higher bids. In the Dutch type auction, the price markdown feature may be responsive to bidding activity over time, amount of bids received, and number of items bid for. Likewise, in the progressive auction, the award price may be dependent on the quantity desired, and typically implements a lowest successful bid price rule. Bids that are below a preset maximum posted selling price are maintained in reserve by the system. If a certain sales volume is not achieved in a specified period of time, the price is reduced to liquidate demand above the price point, with the new price becoming the posted price. On the other hand, if a certain sales volume is exceeded in a specified period of time, the system may automatically increase the price. These automatic price changes allow the seller to respond quickly to market conditions while keeping the price of the merchandise as high as possible, to the seller's benefit. A “Proxy Bidding” feature allows a bidder to place a bid for the maximum amount they are willing to pay, keeping this value a secret, displaying only the amount necessary to win the item up to the amount of the currently high bids or proxy bids of other bidders. This feature allows bidders to participate in the electronic auction without revealing to the other bidders the extent to which they are willing to increase their bids, while maintaining control of their maximum bid without closely monitoring the bidding. The feature assures proxy bidders the lowest possible price up to a specified maximum without requiring frequent inquiries as to the state of the bidding.
A “Floating Closing Time” feature may also be implemented whereby the auction for a particular item is automatically closed if no new bids are received within a predetermined time interval, assuming an increasing price auction. Bidders thus have an incentive to place bids expeditiously, rather than waiting until near the anticipated close of the auction.
U.S. Pat. No. 5,905,975, Ausubel, issued May 18, 1999, expressly incorporated herein by reference in its entirety, relates to computer implemented methods and apparatus for auctions. The proposed system provides intelligent systems for the auctioneer and for the user. The auctioneer's system contains information from a user system based on bid information entered by the user. With this information, the auctioneer's system determines whether the auction can be concluded or not and appropriate messages are transmitted. At any point in the auction, bidders are provided the opportunity to submit not only their current bids, but also to enter future bids, or bidding rules which may have the opportunity to become relevant at future times or prices, into the auction system's database. Participants may revise their executory bids, by entering updated bids. Thus, at one extreme, a bidder who wishes to economize on his time may choose to enter his entire set of bidding rules into the computerized system at the start of the auction, effectively treating this as a sealed-bid auction. At the opposite extreme, a bidder who wishes to closely participate in the auction may choose to constantly monitor the auction's progress and to submit all of his bids in real time. See also, U.S. patent application Ser. No. 08/582,901 filed Jan. 4, 1996, which provides a method for auctioning multiple, identical objects and close substitutes.
Secure Networks
A number of references relate to secure networks, which are an aspect of various embodiments of the present invention. These references are incorporated herein by reference in their entirety, including U.S. Pat. No. 5,933,498 (Schneck, et al., Aug. 3, 1999); U.S. Pat. No. 5,978,918 (Scholnick, et al., Nov. 2, 1999); U.S. Pat. No. 6,005,943 (Cohen, et al., Dec. 21, 1999); U.S. Pat. No. 6,009,526 (Choi, Dec. 28, 1999); U.S. Pat. No. 6,021,202 (Anderson, et al., Feb. 1, 2000); U.S. Pat. No. 6,021,491 (Renaud, Feb. 1, 2000); U.S. Pat. No. 6,021,497 (Bouthillier, et al., Feb. 1, 2000); U.S. Pat. No. 6,023,762 (Dean, et al., Feb. 8, 2000); U.S. Pat. No. 6,029,245 (Scanlan, Feb. 22, 2000); U.S. Pat. No. 6,049,875 (Suzuki, et al., Apr. 11, 2000); U.S. Pat. No. 6,055,508 (Naor, et al., Apr. 25, 2000); U.S. Pat. No. 6,065,119 (Sandford, I I, et al., May 16, 2000); U.S. Pat. No. 6,073,240 (Kurtzberg, et al., Jun. 6, 2000); U.S. Pat. No. 6,075,860 (Ketcham, Jun. 13, 2000); and U.S. Pat. No. 6,075,861 (Miller, II, Jun. 13, 2000).
Cryptographic Technology
U.S. Pat. No. 5,956,408 (Arnold, Sep. 21, 1999), expressly incorporated herein by reference, relates to an apparatus and method for secure distribution of data. Data, including program and software updates, is encrypted by a public key encryption system using the private key of the data sender. The sender also digitally signs the data. The receiver decrypts the encrypted data, using the public key of the sender, and verifies the digital signature on the transmitted data. The program interacts with basic information stored within the confines of the receiver. As result of the interaction, the software updates are installed within the confines of the user, and the basic information stored within the confines of the user is changed.
U.S. Pat. No. 5,982,891 (Ginter, et al., Nov. 9, 1999); U.S. Pat. No. 5,949,876 (Ginter, et al., Sep. 7, 1999); and U.S. Pat. No. 5,892,900 (Ginter, et al., Apr. 6, 1999), expressly incorporated herein by reference, relate to systems and methods for secure transaction management and electronic rights protection. Electronic appliances, such as computers, help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.”
U.S. Pat. No. 6,009,177 (Sudia, Dec. 28, 1999), expressly incorporated herein by reference, relates to a cryptographic system and method with a key escrow feature that uses a method for verifiably splitting users' private encryption keys into components and for sending those components to trusted agents chosen by the particular users, and provides a system that uses modern public key certificate management, enforced by a chip device that also self-certifies. The methods for key escrow and receiving an escrow certificate are also applied herein to a more generalized case of registering a trusted device with a trusted third party and receiving authorization from that party enabling the device to communicate with other trusted devices. Further preferred embodiments provide for rekeying and upgrading of device firmware using a certificate system, and encryption of stream-oriented data.
U.S. Pat. No. 6,052,467 (Brands, Apr. 18, 2000), expressly incorporated herein by reference, relates to a system for ensuring that the blinding of secret-key certificates is restricted, even if the issuing protocol is performed in parallel mode. A cryptographic method is disclosed that enables the issuer in a secret-key certificate issuing protocol to issue triples consisting of a secret key, a corresponding public key, and a secret-key certificate of the issuer on the public key, in such a way that receiving parties can blind the public key and the certificate, but cannot blind a predetermined non-trivial predicate of the secret key even when executions of the issuing protocol are performed in parallel.
U.S. Pat. No. 6,052,780 (Glover, Apr. 18, 2000), expressly incorporated herein by reference, relates to a computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information. Some of these problems with digital information protection systems may be overcome by providing a mechanism that allows a content provider to encrypt digital information without requiring either a hardware or platform manufacturer or a content consumer to provide support for the specific form of corresponding decryption. This mechanism can be provided in a manner that allows the digital information to be copied easily for back-up purposes and to be transferred easily for distribution, but which should not permit copying of the digital information in decrypted form. In particular, the encrypted digital information is stored as an executable computer program that includes a decryption program that decrypts the encrypted information to provide the desired digital information, upon successful completion of an authorization procedure by the user. In combination with other mechanisms that track distribution, enforce royalty payments and control access to decryption keys, an improved method is provided for identifying and detecting sources of unauthorized copies. Suitable authorization procedures also enable the digital information to be distributed for a limited number of uses and/or users, thus enabling per-use fees to be charged for the digital information.
See also, U.S. Pat. No. 4,200,770 (Cryptographic apparatus and method); U.S. Pat. No. 4,218,582 (Public key cryptographic apparatus and method); U.S. Pat. No. 4,264,782 (Method and apparatus for transaction and identity verification); U.S. Pat. No. 4,306,111 (Simple and effective public-key cryptosystem); U.S. Pat. No. 4,309,569 (Method of providing digital signatures); U.S. Pat. No. 4,326,098 (High security system for electronic signature verification); U.S. Pat. No. 4,351,982 (RSA Public-key data encryption system having large random prime number generating microprocessor or the like); U.S. Pat. No. 4,365,110 (Multiple-destinational cryptosystem for broadcast networks); U.S. Pat. No. 4,386,233 (Crytographic key notarization methods and apparatus); U.S. Pat. No. 4,393,269 (Method and apparatus incorporating a one-way sequence for transaction and identity verification); U.S. Pat. No. 4,399,323 (Fast real-time public key cryptography); U.S. Pat. No. 4,405,829 (Cryptographic communications system and method); U.S. Pat. No. 4,438,824 (Apparatus and method for cryptographic identity verification); U.S. Pat. No. 4,453,074 (Protection system for intelligent cards); U.S. Pat. No. 4,458,109 (Method and apparatus providing registered mail features in an electronic communication system); U.S. Pat. No. 4,471,164 (Stream cipher operation using public key cryptosystem); U.S. Pat. No. 4,514,592 (Cryptosystem); U.S. Pat. No. 4,528,588 (Method and apparatus for marking the information content of an information carrying signal); U.S. Pat. No. 4,529,870 (Cryptographic identification, financial transaction, and credential device); U.S. Pat. No. 4,558,176 (Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software); U.S. Pat. No. 4,567,600 (Method and apparatus for maintaining the privacy of digital messages conveyed by public transmission); U.S. Pat. No. 4,575,621 (Portable electronic transaction device and system therefor); U.S. Pat. No. 4,578,531 (Encryption system key distribution method and apparatus); U.S. Pat. No. 4,590,470 (User authentication system employing encryption functions); U.S. Pat. No. 4,595,950 (Method and apparatus for marking the information content of an information carrying signal); U.S. Pat. No. 4,625,076 (Signed document transmission system); U.S. Pat. No. 4,633,036 (Method and apparatus for use in public-key data encryption system); U.S. Pat. No. 5,991,406 (System and method for data recovery); U.S. Pat. No. 6,026,379 (System, method and article of manufacture for managing transactions in a high availability system); U.S. Pat. No. 6,026,490 (Configurable cryptographic processing engine and method); U.S. Pat. No. 6,028,932 (Copy prevention method and apparatus for digital video system); U.S. Pat. No. 6,028,933 (Encrypting method and apparatus enabling multiple access for multiple services and multiple transmission modes over a broadband communication network); U.S. Pat. No. 6,028,936 (Method and apparatus for authenticating recorded media); U.S. Pat. No. 6,028,937 (Communication device which performs two-way encryption authentication in challenge response format); U.S. Pat. No. 6,028,939 (Data security system and method); U.S. Pat. No. 6,029,150 (Payment and transactions in electronic commerce system); U.S. Pat. No. 6,029,195 (System for customized electronic identification of desirable objects); U.S. Pat. No. 6,029,247 (Method and apparatus for transmitting secured data); U.S. Pat. No. 6,031,913 (Apparatus and method for secure communication based on channel characteristics); U.S. Pat. No. 6,031,914 (Method and apparatus for embedding data, including watermarks, in human perceptible images); U.S. Pat. No. 6,034,618 (Device authentication system which allows the authentication function to be changed); U.S. Pat. No. 6,035,041 (Optimal-resilience, proactive, public-key cryptographic system and method); U.S. Pat. No. 6,035,398 (Cryptographic key generation using biometric data); U.S. Pat. No. 6,035,402 (Virtual certificate authority); U.S. Pat. No. 6,038,315 (Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy); U.S. Pat. No. 6,038,316 (Method and system for protection of digital information); U.S. Pat. No. 6,038,322 (Group key distribution); U.S. Pat. No. 6,038,581 (Scheme for arithmetic operations in finite field and group operations over elliptic curves realizing improved computational speed); U.S. Pat. No. 6,038,665 (System and method for backing up computer files over a wide area computer network); U.S. Pat. No. 6,038,666 (Remote identity verification technique using a personal identification device); U.S. Pat. No. 6,041,122 (Method and apparatus for hiding cryptographic keys utilizing autocorrelation timing encoding and computation); U.S. Pat. No. 6,041,123 (Centralized secure communications system); U.S. Pat. No. 6,041,357 (Common session token system and protocol); U.S. Pat. No. 6,041,408 (Key distribution method and system in secure broadcast communication); U.S. Pat. No. 6,041,410 (Personal identification fob); U.S. Pat. No. 6,044,131 (Secure digital x-ray image authentication method); U.S. Pat. No. 6,044,155 (Method and system for securely archiving core data secrets); U.S. Pat. No. 6,044,157 (Microprocessor suitable for reproducing AV data while protecting the AV data from illegal copy and image information processing system using the microprocessor); U.S. Pat. No. 6,044,205 (Communications system for transferring information between memories according to processes transferred with the information); U.S. Pat. No. 6,044,349 (Secure and convenient information storage and retrieval method and apparatus); U.S. Pat. No. 6,044,350 (Certificate meter with selectable indemnification provisions); U.S. Pat. No. 6,044,388 (Pseudorandom number generator); U.S. Pat. No. 6,044,462 (Method and apparatus for managing key revocation); U.S. Pat. No. 6,044,463 (Method and system for message delivery utilizing zero knowledge interactive proof protocol); U.S. Pat. No. 6,044,464 (Method of protecting broadcast data by fingerprinting a common decryption function); U.S. Pat. No. 6,044,466 (Flexible and dynamic derivation of permissions); U.S. Pat. No. 6,044,468 (Secure transmission using an ordinarily insecure network communication protocol such as SNMP); U.S. Pat. No. 6,047,051 (Implementation of charging in a telecommunications system); U.S. Pat. No. 6,047,066 (Communication method and device); U.S. Pat. No. 6,047,067 (Electronic-monetary system); U.S. Pat. No. 6,047,072 (Method for secure key distribution over a nonsecure communications network); U.S. Pat. No. 6,047,242 (Computer system for protecting software and a method for protecting software); U.S. Pat. No. 6,047,268 (Method and apparatus for billing for transactions conducted over the internet); U.S. Pat. No. 6,047,269 (Self-contained payment system with circulating digital vouchers); U.S. Pat. No. 6,047,374 (Method and apparatus for embedding authentication information within digital data); U.S. Pat. No. 6,047,887 (System and method for connecting money modules); U.S. Pat. No. 6,049,610 (Method and apparatus for digital signature authentication); U.S. Pat. No. 6,049,612 (File encryption method and system); U.S. Pat. No. 6,049,613 (Method and apparatus for encrypting, decrypting, and providing privacy for data values); U.S. Pat. No. 6,049,671 (Method for identifying and obtaining computer software from a network computer); U.S. Pat. No. 6,049,785 (Open network payment system for providing for authentication of payment orders based on a confirmation electronic mail message); U.S. Pat. No. 6,049,786 (Electronic bill presentment and payment system which deters cheating by employing hashes and digital signatures); U.S. Pat. No. 6,049,787 (Electronic business transaction system with notarization database and means for conducting a notarization procedure); U.S. Pat. No. 6,049,838 (Persistent distributed capabilities); U.S. Pat. No. 6,049,872 (Method for authenticating a channel in large-scale distributed systems); U.S. Pat. No. 6,049,874 (System and method for backing up computer files over a wide area computer network); U.S. Pat. No. 6,052,466 (Encryption of data packets using a sequence of private keys generated from a public key exchange); U.S. Pat. No. 6,052,467 (System for ensuring that the blinding of secret-key certificates is restricted, even if the issuing protocol is performed in parallel mode); U.S. Pat. No. 6,052,469 (Interoperable cryptographic key recovery system with verification by comparison); U.S. Pat. No. 6,055,314 (System and method for secure purchase and delivery of video content programs); U.S. Pat. No. 6,055,321 (System and method for hiding and extracting message data in multimedia data); U.S. Pat. No. 6,055,508 (Method for secure accounting and auditing on a communications network); U.S. Pat. No. 6,055,512 (Networked personal customized information and facility services); U.S. Pat. No. 6,055,636 (Method and apparatus for centralizing processing of key and certificate life cycle management); U.S. Pat. No. 6,055,639 (Synchronous message control system in a Kerberos domain); U.S. Pat. No. 6,056,199 (Method and apparatus for storing and reading data); U.S. Pat. No. 6,057,872 (Digital coupons for pay televisions); U.S. Pat. No. 6,058,187 (Secure telecommunications data transmission); U.S. Pat. No. 6,058,188 (Method and apparatus for interoperable validation of key recovery information in a cryptographic system); U.S. Pat. No. 6,058,189 (Method and system for performing secure electronic monetary transactions); U.S. Pat. No. 6,058,193 (System and method of verifying cryptographic postage evidencing using a fixed key set); U.S. Pat. No. 6,058,381 (Many-to-many payments system for network content materials); U.S. Pat. No. 6,058,383 (Computationally efficient method for trusted and dynamic digital objects dissemination); U.S. Pat. No. 6,061,448 (Method and system for dynamic server document encryption); U.S. Pat. No. 6,061,454 (System, method, and computer program for communicating a key recovery block to enable third party monitoring without modification to the intended receiver); U.S. Pat. No. 6,061,692 (System and method for administering a meta database as an integral component of an information server); U.S. Pat. No. 6,061,789 (Secure anonymous information exchange in a network); U.S. Pat. No. 6,061,790 (Network computer system with remote user data encipher methodology); U.S. Pat. No. 6,061,791 (Initial secret key establishment including facilities for verification of identity); U.S. Pat. No. 6,061,792 (System and method for fair exchange of time-independent information goods over a network); U.S. Pat. No. 6,061,794 (System and method for performing secure device communications in a peer-to-peer bus architecture); U.S. Pat. No. 6,061,796 (Multi-access virtual private network); U.S. Pat. No. 6,061,799 (Removable media for password based authentication in a distributed system); U.S. Pat. No. 6,064,723 (Network-based multimedia communications and directory system and method of operation); U.S. Pat. No. 6,064,738 (Method for encrypting and decrypting data using chaotic maps); U.S. Pat. No. 6,064,740 (Method and apparatus for masking modulo exponentiation calculations in an integrated circuit); U.S. Pat. No. 6,064,741 (Method for the computer-aided exchange of cryptographic keys between a user computer unit U and a network computer unit N); U.S. Pat. No. 6,064,764 (Fragile watermarks for detecting tampering in images); U.S. Pat. No. 6,064,878 (Method for separately permissioned communication); U.S. Pat. No. 6,065,008 (System and method for secure font subset distribution); U.S. Pat. No. 6,067,620 (Stand alone security device for computer networks); U.S. Pat. No. 6,069,647 (Conditional access and content security method); U.S. Pat. No. 6,069,952 (Data copyright management system); U.S. Pat. No. 6,069,954 (Cryptographic data integrity with serial bit processing and pseudo-random generators); U.S. Pat. No. 6,069,955 (System for protection of goods against counterfeiting); U.S. Pat. No. 6,069,969 (Apparatus and method for electronically acquiring fingerprint images); U.S. Pat. No. 6,069,970 (Fingerprint sensor and token reader and associated methods); U.S. Pat. No. 6,070,239 (System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources); U.S. Pat. No. 6,072,870 (System, method and article of manufacture for a gateway payment architecture utilizing a multichannel, extensible, flexible architecture); U.S. Pat. No. 6,072,874 (Signing method and apparatus using the same); U.S. Pat. No. 6,072,876 (Method and system for depositing private key used in RSA cryptosystem); U.S. Pat. No. 6,073,125 (Token key distribution system controlled acceptance mail payment and evidencing system); U.S. Pat. No. 6,073,160 (Document communications controller); U.S. Pat. No. 6,073,172 (Initializing and reconfiguring a secure network interface); U.S. Pat. No. 6,073,234 (Device for authenticating user's access rights to resources and method); U.S. Pat. No. 6,073,236 (Authentication method, communication method, and information processing apparatus); U.S. Pat. No. 6,073,237 (Tamper resistant method and apparatus); U.S. Pat. No. 6,073,238 (Method of securely loading commands in a smart card); U.S. Pat. No. 6,073,242 (Electronic authority server); U.S. Pat. No. 6,075,864 (Method of establishing secure, digitally signed communications using an encryption key based on a blocking set cryptosystem); U.S. Pat. No. 6,075,865 (Cryptographic communication process and apparatus); U.S. Pat. No. 6,076,078 (Anonymous certified delivery); U.S. Pat. No. 6,076,162 (Certification of cryptographic keys for chipcards); U.S. Pat. No. 6,076,163 (Secure user identification based on constrained polynomials); U.S. Pat. No. 6,076,164 (Authentication method and system using IC card); U.S. Pat. No. 6,076,167 (Method and system for improving security in network applications); U.S. Pat. No. 6,078,663 (Communication apparatus and a communication system); U.S. Pat. No. 6,078,665 (Electronic encryption device and method); U.S. Pat. No. 6,078,667 (Generating unique and unpredictable values); U.S. Pat. No. 6,078,909 (Method and apparatus for licensing computer programs using a DSA signature); U.S. Pat. No. 6,079,018 (System and method for generating unique secure values for digitally signing documents); U.S. Pat. No. 6,079,047 (Unwrapping system and method for multiple files of a container); U.S. Pat. No. 6,081,597 (Public key cryptosystem method and apparatus); U.S. Pat. No. 6,081,598 (Cryptographic system and method with fast decryption); U.S. Pat. No. 6,081,610 (System and method for verifying signatures on documents); U.S. Pat. No. 6,081,790 (System and method for secure presentment and payment over open networks); U.S. Pat. No. 6,081,893 (System for supporting secured log-in of multiple users into a plurality of computers using combined presentation of memorized password and transportable passport record), U.S. Pat. No. 6,192,473 (System and method for mutual authentication and secure communications between a postage security device and a meter server), each of which is expressly incorporated herein by reference.
See, also, U.S. Pat. No. 6,028,937 (Tatebayashi et al.), U.S. Pat. No. 6,026,167 (Aziz), U.S. Pat. No. 6,009,171 (Ciacelli et al.) (Content Scrambling System, or “CSS”), U.S. Pat. No. 5,991,399 (Graunke et al.), U.S. Pat. No. 5,948,136 (Smyers) (IEEE 1394-1995), and U.S. Pat. No. 5,915,018 (Aucsmith), expressly incorporated herein by reference, and Jim Wright and Jeff Robillard (Philsar Semiconductor), “Adding Security to Portable Designs”, Portable Design, March 2000, pp. 16-20.
See also, Stefik, U.S. Pat. No. 5,715,403 (System for controlling the distribution and use of digital works having attached usage rights where the usage rights are defined by a usage rights grammar); U.S. Pat. No. 5,638,443 (System for controlling the distribution and use of composite digital works); U.S. Pat. No. 5,634,012 (System for controlling the distribution and use of digital works having a fee reporting mechanism); and U.S. Pat. No. 5,629,980 (System for controlling the distribution and use of digital works), expressly incorporated herein by reference.
Watermarking
U.S. Pat. No. 5,699,427 (Chow, et al., Dec. 16, 1997), expressly incorporated herein by reference, relates to a method to deter document and intellectual property piracy through individualization, and a system for identifying the authorized receiver of any particular copy of a document. More specifically, each particular copy of a document is fingerprinted by applying a set of variations to a document, where each variation is a change in data contents, but does not change the meaning or perusal experience of the document. A database associating a set of variants to a receiver is maintained. Thus any variant or copy of that variant can be traced to an authorized receiver.
See also, U.S. Pat. No. 4,734,564 (Transaction system with off-line risk assessment); U.S. Pat. No. 4,812,628 (Transaction system with off-line risk assessment); U.S. Pat. No. 4,926,325 (Apparatus for carrying out financial transactions via a facsimile machine); U.S. Pat. No. 5,235,166 (Data verification method and magnetic media therefor); U.S. Pat. No. 5,254,843 (Securing magnetically encoded data using timing variations in encoded data); U.S. Pat. No. 5,341,429 (Transformation of ephemeral material); U.S. Pat. No. 5,428,683 (Method and apparatus for fingerprinting and authenticating magnetic media); U.S. Pat. No. 5,430,279 (Data verification method and magnetic media therefor); U.S. Pat. No. 5,521,722 (Image handling facilitating computer aided design and manufacture of documents); U.S. Pat. No. 5,546,462 (Method and apparatus for fingerprinting and authenticating various magnetic media); U.S. Pat. No. 5,606,609 (Electronic document verification system and method); U.S. Pat. No. 5,613,004 (Steganographic method and device); U.S. Pat. No. 5,616,904 (Data verification method and magnetic media therefor); U.S. Pat. No. 5,636,292 (Steganography methods employing embedded calibration data); U.S. Pat. No. 5,646,997 (Method and apparatus for embedding authentication information within digital data); U.S. Pat. No. 5,659,726 (Data embedding); U.S. Pat. No. 5,664,018 (Watermarking process resilient to collusion attacks); U.S. Pat. No. 5,687,236 (Steganographic method and device); U.S. Pat. No. 5,710,834 (Method and apparatus responsive to a code signal conveyed through a graphic image); U.S. Pat. No. 5,727,092 (Compression embedding); U.S. Pat. No. 5,734,752 (Digital watermarking using stochastic screen patterns); U.S. Pat. No. 5,740,244 (Method and apparatus for improved fingerprinting and authenticating various magnetic media); U.S. Pat. No. 5,745,569 (Method for stega-cipher protection of computer code); U.S. Pat. No. 5,745,604 (Identification/authentication system using robust, distributed coding); U.S. Pat. No. 5,748,763 (Image steganography system featuring perceptually adaptive and globally scalable signal embedding); U.S. Pat. No. 5,748,783 (Method and apparatus for robust information coding); U.S. Pat. No. 5,761,686 (Embedding encoded information in an iconic version of a text image); U.S. Pat. No. 5,765,152 (System and method for managing copyrighted electronic media); U.S. Pat. No. 5,768,426 (Graphics processing system employing embedded code signals); U.S. Pat. No. 5,778,102 (Compression embedding); U.S. Pat. No. 5,790,703 (Digital watermarking using conjugate halftone screens); U.S. Pat. No. 5,819,289 (Data embedding employing degenerate clusters of data having differences less than noise value); U.S. Pat. No. 5,822,432 (Method for human-assisted random key generation and application for digital watermark system); U.S. Pat. No. 5,822,436 (Photographic products and methods employing embedded information); U.S. Pat. No. 5,832,119 (Methods for controlling systems using control signals embedded in empirical data); U.S. Pat. No. 5,841,886 (Security system for photographic identification); U.S. Pat. No. 5,841,978 (Network linking method using steganographically embedded data objects); U.S. Pat. No. 5,848,155 (Spread spectrum watermark for embedded signalling); U.S. Pat. No. 5,850,481 (Steganographic system); U.S. Pat. No. 5,862,260 (Methods for surveying dissemination of proprietary empirical data); U.S. Pat. No. 5,878,137 (Method for obtaining authenticity identification devices for using services in general, and device obtained thereby); U.S. Pat. No. 5,889,868 (Optimization methods for the insertion, protection, and detection of digital watermarks in digitized data); U.S. Pat. No. 5,892,900 (Systems and methods for secure transaction management and electronic rights protection); U.S. Pat. No. 5,905,505 (Method and system for copy protection of on-screen display of text); U.S. Pat. No. 5,905,800 (Method and system for digital watermarking); U.S. Pat. No. 5,915,027 (Digital watermarking); U.S. Pat. No. 5,920,628 (Method and apparatus for fingerprinting and authenticating various magnetic media); U.S. Pat. No. 5,930,369 (Secure spread spectrum watermarking for multimedia data); U.S. Pat. No. 5,933,498 (System for controlling access and distribution of digital property); U.S. Pat. No. 5,943,422 (Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels); U.S. Pat. No. 5,946,414 (Encoding data in color images using patterned color modulated image regions); U.S. Pat. No. 5,949,885 (Method for protecting content using watermarking); U.S. Pat. No. 5,974,548 (Media-independent document security method and apparatus); U.S. Pat. No. 5,995,625 (Electronic cryptographic packing); U.S. Pat. No. 6,002,772 (Data management system); U.S. Pat. No. 6,004,276 (Open architecture cardiology information system); U.S. Pat. No. 6,006,328 (Computer software authentication, protection, and security system); U.S. Pat. No. 6,006,332 (Rights management system for digital media); U.S. Pat. No. 6,018,801 (Method for authenticating electronic documents on a computer network); U.S. Pat. No. 6,026,193 (Video steganography); U.S. Pat. No. 6,044,464 (Method of protecting broadcast data by fingerprinting a common decryption function); U.S. Pat. No. 6,047,374 (Method and apparatus for embedding authentication information within digital data); U.S. Pat. No. 6,049,627 (Covert digital identifying indicia for digital image); U.S. Pat. No. 6,061,451 (Apparatus and method for receiving and decrypting encrypted data and protecting decrypted data from illegal use); U.S. Pat. No. 6,064,737 (Anti-piracy system for wireless telephony); U.S. Pat. No. 6,064,764 (Fragile watermarks for detecting tampering in images); U.S. Pat. No. 6,069,914 (Watermarking of image data using MPEG/JPEG coefficients); U.S. Pat. No. 6,076,077 (Data management system); U.S. Pat. No. 6,081,793 (Method and system for secure computer moderated voting), each of which is expressly incorporated herein by reference.
Role-Based Access
U.S. Pat. No. 6,023,765 (Kuhn, Feb. 8, 2000; Implementation of role-based access control in multi-level secure systems), expressly incorporated herein by reference, relates to a system and method for implementation of role-based access control in multi-level secure systems. Role-based access control (RBAC) is implemented on a multi-level secure (MLS) system by establishing a relationship between privileges within the RBAC system and pairs of levels and compartments within the MLS system. The advantages provided by RBAC, that is, reducing the overall number of connections that must be maintained, and, for example, greatly simplifying the process required in response to a change of job status of individuals within an organization, are then realized without loss of the security provided by MLS. A trusted interface function is developed to ensure that the RBAC rules permitting individual's access to objects are followed rigorously, and provides a proper mapping of the roles to corresponding pairs of levels and compartments. No other modifications are necessary. Access requests from subjects are mapped by the interface function to pairs of levels and compartments, after which access is controlled entirely by the rules of the MLS system.
See also, U.S. Pat. No. 6,073,242 (Electronic authority server); U.S. Pat. No. 6,073,240 (Method and apparatus for realizing computer security); U.S. Pat. No. 6,064,977 (Web server with integrated scheduling and calendaring); U.S. Pat. No. 6,055,637 (System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential); U.S. Pat. No. 6,044,466 (Flexible and dynamic derivation of permissions); U.S. Pat. No. 6,041,349 (System management/network correspondence display method and system therefore); U.S. Pat. No. 6,014,666 (Declarative and programmatic access control of component-based server applications using roles); U.S. Pat. No. 5,991,877 (Object-oriented trusted application framework); U.S. Pat. No. 5,978,475 (Event auditing system); U.S. Pat. No. 5,949,866 (Communications system for establishing a communication channel on the basis of a functional role or task); U.S. Pat. No. 5,925,126 (Method for security shield implementation in computer system's software); U.S. Pat. No. 5,911,143 (Method and system for advanced role-based access control in distributed and centralized computer systems); U.S. Pat. No. 5,797,128 (System and method for implementing a hierarchical policy for computer system administration); U.S. Pat. No. 5,761,288 (Service context sensitive features and applications); U.S. Pat. No. 5,751,909 (Database system with methods for controlling object interaction by establishing database contracts between objects); U.S. Pat. No. 5,748,890 (Method and system for authenticating and auditing access by a user to non-natively secured applications); U.S. Pat. No. 5,621,889 (Facility for detecting intruders and suspect callers in a computer installation and a security system including such a facility); U.S. Pat. No. 5,535,383 (Database system with methods for controlling object interaction by establishing database contracts between objects); U.S. Pat. No. 5,528,516 (Apparatus and method for event correlation and problem reporting); U.S. Pat. No. 5,481,613 (Computer network cryptographic key distribution system); U.S. Pat. No. 5,347,578 (Computer system security); U.S. Pat. No. 5,265,221 (Access restriction facility method and apparatus), each of which is expressly incorporated herein by reference.
Computer System Security
A number of references relate to computer system security, which is a part of various embodiment of the invention. The following references relevant to this issue are incorporated herein by reference: U.S. Pat. No. 5,881,225 (Worth, Mar. 9, 1999); U.S. Pat. No. 5,937,068 (Audebert, Aug. 10, 1999); U.S. Pat. No. 5,949,882 (Angelo, Sep. 7, 1999); U.S. Pat. No. 5,953,419 (Lohstroh, et al., Sep. 14, 1999); U.S. Pat. No. 5,956,400 (Chaum, et al., Sep. 21, 1999); U.S. Pat. No. 5,958,050 (Griffin, et al., Sep. 28, 1999); U.S. Pat. No. 5,978,475 (Schreier, et al., Nov. 2, 1999); U.S. Pat. No. 5,991,878 (McDonough, et al., Nov. 23, 1999); U.S. Pat. No. 6,070,239 (McManis, May 30, 2000); and U.S. Pat. No. 6,079,021 (Abadi, et al., Jun. 20, 2000).
Computer Security Devices
A number of references relate to computer security devices, which is a part of various embodiment of the invention. The following references relevant to this issue are incorporated herein by reference: U.S. Pat. No. 5,982,520 (Weiser, et al., Nov. 9, 1999); U.S. Pat. No. 5,991,519 (Benhammou, et al., Nov. 23, 1999); U.S. Pat. No. 5,999,629 (Heer, et al., Dec. 7, 1999); U.S. Pat. No. 6,034,618 (Tatebayashi, et al., Mar. 7, 2000); U.S. Pat. No. 6,041,412 (Timson, et al., Mar. 21, 2000); U.S. Pat. No. 6,061,451 (Muratani, et al., May 9, 2000); and U.S. Pat. No. 6,069,647 (Sullivan, et al., May 30, 2000).
Virtual Private Network
A number of references relate to virtual private networks, which is a part of various embodiment of the invention. The following references relevant to this issue are incorporated herein by reference: U.S. Pat. No. 6,079,020 (Liu, Jun. 20, 2000); U.S. Pat. No. 6,081,900 (Secure intranet access); U.S. Pat. No. 6,081,533 (Method and apparatus for an application interface module in a subscriber terminal unit); U.S. Pat. No. 6,079,020 (Method and apparatus for managing a virtual private network); U.S. Pat. No. 6,078,946 (System and method for management of connection oriented networks); U.S. Pat. No. 6,078,586 (ATM virtual private networks); U.S. Pat. No. 6,075,854 (Fully flexible routing service for an advanced intelligent network); U.S. Pat. No. 6,075,852 (Telecommunications system and method for processing call-independent signalling transactions); U.S. Pat. No. 6,073,172 (Initializing and reconfiguring a secure network interface); U.S. Pat. No. 6,061,796 (Multi-access virtual private network); U.S. Pat. No. 6,061,729 (Method and system for communicating service information in an advanced intelligent network); U.S. Pat. No. 6,058,303 (System and method for subscriber activity supervision); U.S. Pat. No. 6,055,575 (Virtual private network system and method); U.S. Pat. No. 6,052,788 (Firewall providing enhanced network security and user transparency); U.S. Pat. No. 6,047,325 (Network device for supporting construction of virtual local area networks on arbitrary local and wide area computer networks); U.S. Pat. No. 6,032,118 (Virtual private network service provider for asynchronous transfer mode network); U.S. Pat. No. 6,029,067 (Virtual private network for mobile subscribers); U.S. Pat. No. 6,016,318 (Virtual private network system over public mobile data network and virtual LAN); U.S. Pat. No. 6,009,430 (Method and system for provisioning databases in an advanced intelligent network); U.S. Pat. No. 6,005,859 (Proxy VAT-PSTN origination); U.S. Pat. No. 6,002,767 (System, method and article of manufacture for a modular gateway server architecture); U.S. Pat. No. 6,002,756 (Method and system for implementing intelligent telecommunication services utilizing self-sustaining, fault-tolerant object oriented architecture), each of which is expressly incorporated herein by reference.
See also, U.S. Pat. No. 6,081,900 (Secure intranet access); U.S. Pat. No. 6,081,750 (Ergonomic man-machine interface incorporating adaptive pattern recognition based control system); U.S. Pat. No. 6,081,199 (Locking device for systems access to which is time-restricted); U.S. Pat. No. 6,079,621 (Secure card for E-commerce and identification); U.S. Pat. No. 6,078,265 (Fingerprint identification security system); U.S. Pat. No. 6,076,167 (Method and system for improving security in network applications); U.S. Pat. No. 6,075,455 (Biometric time and attendance system with epidermal topographical updating capability); U.S. Pat. No. 6,072,894 (Biometric face recognition for applicant screening); U.S. Pat. No. 6,070,141 (System and method of assessing the quality of an identification transaction using an identification quality score); U.S. Pat. No. 6,068,184 (Security card and system for use thereof); U.S. Pat. No. 6,064,751 (Document and signature data capture system and method); U.S. Pat. No. 6,056,197 (Information recording method for preventing alteration, information recording apparatus, and information recording medium); U.S. Pat. No. 6,052,468 (Method of securing a cryptographic key); U.S. Pat. No. 6,045,039 (Cardless automated teller transactions); U.S. Pat. No. 6,044,349 (Secure and convenient information storage and retrieval method and apparatus); U.S. Pat. No. 6,044,155 (Method and system for securely archiving core data secrets); U.S. Pat. No. 6,041,410 (Personal identification fob); U.S. Pat. No. 6,040,783 (System and method for remote, wireless positive identity verification); U.S. Pat. No. 6,038,666 (Remote identity verification technique using a personal identification device); U.S. Pat. No. 6,038,337 (Method and apparatus for object recognition); U.S. Pat. No. 6,038,315 (Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy); U.S. Pat. No. 6,037,870 (Detector system for access control, and a detector assembly for implementing such a system); U.S. Pat. No. 6,035,406 (Plurality-factor security system); U.S. Pat. No. 6,035,402 (Virtual certificate authority); U.S. Pat. No. 6,035,398 (Cryptographic key generation using biometric data); U.S. Pat. No. 6,031,910 (Method and system for the secure transmission and storage of protectable information); U.S. Pat. No. 6,026,166 (Digitally certifying a user identity and a computer system in combination); U.S. Pat. No. 6,018,739 (Biometric personnel identification system); U.S. Pat. No. 6,016,476 (Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security); U.S. Pat. No. 6,012,049 (System for performing financial transactions using a smartcard); U.S. Pat. No. 6,012,039 (Tokenless biometric electronic rewards system); U.S. Pat. No. 6,011,858 (Memory card having a biometric template stored thereon and system for using same); U.S. Pat. No. 6,009,177 (Enhanced cryptographic system and method with key escrow feature); U.S. Pat. No. 6,006,328 (Computer software authentication, protection, and security system); U.S. Pat. No. 6,003,135 (Modular security device); U.S. Pat. No. 6,002,770 (Method for secure data transmission between remote stations); U.S. Pat. No. 5,999,637 (Individual identification apparatus for selectively recording a reference pattern based on a correlation with comparative patterns); U.S. Pat. No. 5,999,095 (Electronic security system); U.S. Pat. No. 5,995,630 (Biometric input with encryption); U.S. Pat. No. 5,991,431 (Mouse adapted to scan biometric data); U.S. Pat. No. 5,991,429 (Facial recognition system for security access and identification); U.S. Pat. No. 5,991,408 (Identification and security using biometric measurements); U.S. Pat. No. 5,987,155 (Biometric input device with peripheral port); U.S. Pat. No. 5,987,153 (Automated verification and prevention of spoofing for biometric data); U.S. Pat. No. 5,986,746 (Topographical object detection system); U.S. Pat. No. 5,984,366 (Unalterable self-verifying articles); U.S. Pat. No. 5,982,894 (System including separable protected components and associated methods); U.S. Pat. No. 5,979,773 (Dual smart card access control electronic data storage and retrieval system and methods); U.S. Pat. No. 5,978,494 (Method of selecting the best enroll image for personal identification); U.S. Pat. No. 5,974,146 (Real time bank-centric universal payment system); U.S. Pat. No. 5,970,143 (Remote-auditing of computer generated outcomes, authenticated billing and access control, and software metering system using cryptographic and other protocols); U.S. Pat. No. 5,966,446 (Time-bracketing infrastructure implementation); U.S. Pat. No. 5,963,908 (Secure logon to notebook or desktop computers); U.S. Pat. No. 5,963,657 (Economical skin-pattern-acquisition and analysis apparatus for access control; systems controlled thereby); U.S. Pat. No. 5,954,583 (Secure access control system); U.S. Pat. No. 5,952,641 (Security device for controlling the access to a personal computer or to a computer terminal); U.S. Pat. No. 5,951,055 (Security document containing encoded data block); U.S. Pat. No. 5,949,881 (Apparatus and method for cryptographic companion imprinting); U.S. Pat. No. 5,949,879 (Auditable security system for the generation of cryptographically protected digital data); U.S. Pat. No. 5,949,046 (Apparatus for issuing integrated circuit cards); U.S. Pat. No. 5,943,423 (Smart token system for secure electronic transactions and identification); U.S. Pat. No. 5,935,071 (Ultrasonic biometric imaging and identity verification system); U.S. Pat. No. 5,933,515 (User identification through sequential input of fingerprints); U.S. Pat. No. 5,933,498 (System for controlling access and distribution of digital property); U.S. Pat. No. 5,930,804 (Web-based biometric authentication system and method); U.S. Pat. No. 5,923,763 (Method and apparatus for secure document timestamping); U.S. Pat. No. 5,920,477 (Human factored interface incorporating adaptive pattern recognition based controller apparatus); U.S. Pat. No. 5,920,384 (Optical imaging device); U.S. Pat. No. 5,920,058 (Holographic labeling and reading machine for authentication and security applications); U.S. Pat. No. 5,915,973 (System for administration of remotely-proctored, secure examinations and methods therefor); U.S. Pat. No. 5,913,196 (System and method for establishing identity of a speaker); U.S. Pat. No. 5,913,025 (Method and apparatus for proxy authentication); U.S. Pat. No. 5,912,974 (Apparatus and method for authentication of printed documents); U.S. Pat. No. 5,912,818 (System for tracking and dispensing medical items); U.S. Pat. No. 5,910,988 (Remote image capture with centralized processing and storage); U.S. Pat. No. 5,907,149 (Identification card with delimited usage); U.S. Pat. No. 5,901,246 (Ergonomic man-machine interface incorporating adaptive pattern recognition based control system); U.S. Pat. No. 5,898,154 (System and method for updating security information in a time-based electronic monetary system); U.S. Pat. No. 5,897,616 (Apparatus and methods for speaker verification/identification/classification employing non-acoustic and/or acoustic models and databases); U.S. Pat. No. 5,892,902 (Intelligent token protected system with network authentication); U.S. Pat. No. 5,892,838 (Biometric recognition using a classification neural network); U.S. Pat. No. 5,892,824 (Signature capture/verification systems and methods); U.S. Pat. No. 5,890,152 (Personal feedback browser for obtaining media files); U.S. Pat. No. 5,889,474 (Method and apparatus for transmitting subject status information over a wireless communications network); U.S. Pat. No. 5,881,226 (Computer security system); U.S. Pat. No. 5,878,144 (Digital certificates containing multimedia data extensions); U.S. Pat. No. 5,876,926 (Method, apparatus and system for verification of human medical data); U.S. Pat. No. 5,875,108 (Ergonomic man-machine interface incorporating adaptive pattern recognition based control system); U.S. Pat. No. 5,872,849 (Enhanced cryptographic system and method with key escrow feature); U.S. Pat. No. 5,872,848 (Method and apparatus for witnessed authentication of electronic documents); U.S. Pat. No. 5,872,834 (Telephone with biometric sensing device); U.S. Pat. No. 5,870,723 (Tokenless biometric transaction authorization method and system); U.S. Pat. No. 5,869,822 (Automated fingerprint identification system); U.S. Pat. No. 5,867,802 (Biometrically secured control system for preventing the unauthorized use of a vehicle); U.S. Pat. No. 5,867,795 (Portable electronic device with transceiver and visual image display); U.S. Pat. No. 5,867,578 (Adaptive multi-step digital signature system and method of operation thereof); U.S. Pat. No. 5,862,260 (Methods for surveying dissemination of proprietary empirical data); U.S. Pat. No. 5,862,246 (Knuckle profile identity verification system); U.S. Pat. No. 5,862,223 (Method and apparatus for a cryptographically-assisted commercial network system designed to facilitate and support expert-based commerce); U.S. Pat. No. 5,857,022 (Enhanced cryptographic system and method with key escrow feature); U.S. Pat. No. 5,850,451 (Enhanced cryptographic system and method with key escrow feature); U.S. Pat. No. 5,850,442 (Secure world wide electronic commerce over an open network); U.S. Pat. No. 5,848,231 (System configuration contingent upon secure input); U.S. Pat. No. 5,844,244 (Portable identification carrier); U.S. Pat. No. 5,841,907 (Spatial integrating optical correlator for verifying the authenticity of a person, product or thing); U.S. Pat. No. 5,841,886 (Security system for photographic identification); U.S. Pat. No. 5,841,865 (Enhanced cryptographic system and method with key escrow feature); U.S. Pat. No. 5,841,122 (Security structure with electronic smart card access thereto with transmission of power and data between the smart card and the smart card reader performed capacitively or inductively); U.S. Pat. No. 5,838,812 (Tokenless biometric transaction authorization system); U.S. Pat. No. 5,832,464 (System and method for efficiently processing payments via check and electronic funds transfer); U.S. Pat. No. 5,832,119 (Methods for controlling systems using control signals embedded in empirical data); U.S. Pat. No. 5,828,751 (Method and apparatus for secure measurement certification); U.S. Pat. No. 5,825,880 (Multi-step digital signature method and system); U.S. Pat. No. 5,825,871 (Information storage device for storing personal identification information); U.S. Pat. No. 5,815,577 (Methods and apparatus for securely encrypting data in conjunction with a personal computer); U.S. Pat. No. 5,815,252 (Biometric identification process and system utilizing multiple parameters scans for reduction of false negatives); U.S. Pat. No. 5,805,719 (Tokenless identification of individuals); U.S. Pat. No. 5,802,199 (Use sensitive identification system); U.S. Pat. No. 5,799,088 (Non-deterministic public key encryption system); U.S. Pat. No. 5,799,086 (Enhanced cryptographic system and method with key escrow feature); U.S. Pat. No. 5,799,083 (Event verification system); U.S. Pat. No. 5,790,674 (System and method of providing system integrity and positive audit capabilities to a positive identification system); U.S. Pat. No. 5,790,668 (Method and apparatus for securely handling data in a database of biometrics and associated data); U.S. Pat. No. 5,789,733 (Smart card with contactless optical interface); U.S. Pat. No. 5,787,187 (Systems and methods for biometric identification using the acoustic properties of the ear canal); U.S. Pat. No. 5,784,566 (System and method for negotiating security services and algorithms for communication across a computer network); U.S. Pat. No. 5,784,461 (Security system for controlling access to images and image related services); U.S. Pat. No. 5,774,551 (Pluggable account management interface with unified login and logout and multiple user authentication services); U.S. Pat. No. 5,771,071 (Apparatus for coupling multiple data sources onto a printed document); U.S. Pat. No. 5,770,849 (Smart card device with pager and visual image display); U.S. Pat. No. 5,768,382 (Remote-auditing of computer generated outcomes and authenticated billing and access control system using cryptographic and other protocols); U.S. Pat. No. 5,767,496 (Apparatus for processing symbol-encoded credit card information); U.S. Pat. No. 5,764,789 (Tokenless biometric ATM access system); U.S. Pat. No. 5,763,862 (Dual card smart card reader); U.S. Pat. No. 5,761,298 (Communications headset with universally adaptable receiver and voice transmitter); U.S. Pat. No. 5,757,916 (Method and apparatus for authenticating the location of remote users of networked computing systems); U.S. Pat. No. 5,757,431 (Apparatus for coupling multiple data sources onto a printed document); U.S. Pat. No. 5,751,836 (Automated, non-invasive iris recognition system and method); U.S. Pat. No. 5,751,809 (Apparatus and method for securing captured data transmitted between two sources); U.S. Pat. No. 5,748,738 (System and method for electronic transmission, storage and retrieval of authenticated documents); U.S. Pat. No. 5,745,573 (System and method for controlling access to a user secret); U.S. Pat. No. 5,745,555 (System and method using personal identification numbers and associated prompts for controlling unauthorized use of a security device and unauthorized access to a resource); U.S. Pat. No. 5,742,685 (Method for verifying an identification card and recording verification of same); U.S. Pat. No. 5,742,683 (System and method for managing multiple users with different privileges in an open metering system); U.S. Pat. No. 5,737,420 (Method for secure data transmission between remote stations); U.S. Pat. No. 5,734,154 (Smart card with integrated reader and visual image display); U.S. Pat. No. 5,719,950 (Biometric, personal authentication system); U.S. Pat. No. 5,712,914 (Digital certificates containing multimedia data extensions); U.S. Pat. No. 5,712,912 (Method and apparatus for securely handling a personal identification number or cryptographic key using biometric techniques); U.S. Pat. No. 5,706,427 (Authentication method for networks); U.S. Pat. No. 5,703,562 (Method for transferring data from an unsecured computer to a secured computer); U.S. Pat. No. 5,696,827 (Secure cryptographic methods for electronic transfer of information); U.S. Pat. No. 5,682,142 (Electronic control system/network); U.S. Pat. No. 5,682,032 (Capacitively coupled identity verification and escort memory apparatus); U.S. Pat. No. 5,680,460 (Biometric controlled key generation); U.S. Pat. No. 5,668,878 (Secure cryptographic methods for electronic transfer of information); U.S. Pat. No. 5,666,400 (Intelligent recognition); U.S. Pat. No. 5,659,616 (Method for securely using digital signatures in a commercial cryptographic system); U.S. Pat. No. 5,647,364 (Ultrasonic biometric imaging and identity verification system); U.S. Pat. No. 5,647,017 (Method and system for the verification of handwritten signatures); U.S. Pat. No. 5,646,839 (Telephone-based personnel tracking system); U.S. Pat. No. 5,636,282 (Method for dial-in access security using a multimedia modem); U.S. Pat. No. 5,633,932 (Apparatus and method for preventing disclosure through user-authentication at a printing node); U.S. Pat. No. 5,615,277 (Tokenless security system for authorizing access to a secured computer system); U.S. Pat. No. 5,613,012 (Tokenless identification system for authorization of electronic transactions and electronic transmissions); U.S. Pat. No. 5,608,387 (Personal identification devices and access control systems); U.S. Pat. No. 5,594,806 (Knuckle profile identity verification system); U.S. Pat. No. 5,592,408 (Identification card and access control device); U.S. Pat. No. 5,588,059 (Computer system and method for secure remote communication sessions); U.S. Pat. No. 5,586,171 (Selection of a voice recognition data base responsive to video data); U.S. Pat. No. 5,583,950 (Method and apparatus for flash correlation); U.S. Pat. No. 5,583,933 (Method and apparatus for the secure communication of data); U.S. Pat. No. 5,578,808 (Data card that can be used for transactions involving separate card issuers); U.S. Pat. No. 5,572,596 (Automated, non-invasive iris recognition system and method); U.S. Pat. No. 5,561,718 (Classifying faces); U.S. Pat. No. 5,559,885 (Two stage read-write method for transaction cards); U.S. Pat. No. 5,557,765 (System and method for data recovery); U.S. Pat. No. 5,553,155 (Low cost method employing time slots for thwarting fraud in the periodic issuance of food stamps, unemployment benefits or other governmental human services); U.S. Pat. No. 5,544,255 (Method and system for the capture, storage, transport and authentication of handwritten signatures); U.S. Pat. No. 5,534,855 (Method and system for certificate based alias detection); U.S. Pat. No. 5,533,123 (Programmable distributed personal security); U.S. Pat. No. 5,526,428 (Access control apparatus and method); U.S. Pat. No. 5,523,739 (Metal detector for control of access combined in an integrated form with a transponder detector); U.S. Pat. No. 5,497,430 (Method and apparatus for image recognition using invariant feature signals); U.S. Pat. No. 5,485,519 (Enhanced security for a secure token code); U.S. Pat. No. 5,485,312 (Optical pattern recognition system and method for verifying the authenticity of a person, product or thing); U.S. Pat. No. 5,483,601 (Apparatus and method for biometric identification using silhouette and displacement images of a portion of a person's hand); U.S. Pat. No. 5,478,993 (Process as safety concept against unauthorized use of a payment instrument in cashless payment at payment sites); U.S. Pat. No. 5,475,839 (Method and structure for securing access to a computer system); U.S. Pat. No. 5,469,506 (Apparatus for verifying an identification card and identifying a person by means of a biometric characteristic); U.S. Pat. No. 5,457,747 (Anti-fraud verification system using a data card); U.S. Pat. No. 5,455,407 (Electronic-monetary system); U.S. Pat. No. 5,453,601 (Electronic-monetary system); U.S. Pat. No. 5,448,045 (System for protecting computers via intelligent tokens or smart cards); U.S. Pat. No. 5,432,864 (Identification card verification system); U.S. Pat. No. 5,414,755 (System and method for passive voice verification in a telephone network); U.S. Pat. No. 5,412,727 (Anti-fraud voter registration and voting system using a data card); U.S. Pat. No. 5,363,453 (Non-minutiae automatic fingerprint identification system and methods); U.S. Pat. No. 5,347,580 (Authentication method and system with a smartcard); U.S. Pat. No. 5,345,549 (Multimedia based security systems); U.S. Pat. No. 5,341,428 (Multiple cross-check document verification system); U.S. Pat. No. 5,335,288 (Apparatus and method for biometric identification); U.S. Pat. No. 5,291,560 (Biometric personal identification system based on iris analysis); U.S. Pat. No. 5,283,431 (Optical key security access system); U.S. Pat. No. 5,280,527 (Biometric token for authorizing access to a host system); U.S. Pat. No. 5,272,754 (Secure computer interface); U.S. Pat. No. 5,245,329 (Access control system with mechanical keys which store data); U.S. Pat. No. 5,229,764 (Continuous biometric authentication matrix); U.S. Pat. No. 5,228,094 (Process of identifying and authenticating data characterizing an individual); U.S. Pat. No. 5,224,173 (Method of reducing fraud in connection with employment, public license applications, social security, food stamps, welfare or other government benefits); U.S. Pat. No. 5,208,858 (Method for allocating useful data to a specific originator); U.S. Pat. No. 5,204,670 (Adaptable electric monitoring and identification system); U.S. Pat. No. 5,191,611 (Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients); U.S. Pat. No. 5,163,094 (Method for identifying individuals from analysis of elemental shapes derived from biosensor data); U.S. Pat. No. 5,155,680 (Billing system for computing software); U.S. Pat. No. 5,131,038 (Portable authentication system); U.S. Pat. No. 5,073,950 (Finger profile identification system); U.S. Pat. No. 5,067,162 (Method and apparatus for verifying identity using image correlation); U.S. Pat. No. 5,065,429 (Method and apparatus for protecting material on storage media); U.S. Pat. No. 5,056,147 (Recognition procedure and an apparatus for carrying out the recognition procedure); U.S. Pat. No. 5,056,141 (Method and apparatus for the identification of personnel); U.S. Pat. No. 5,036,461 (Two-way authentication system between user's smart card and issuer-specific plug-in application modules in multi-issued transaction device); U.S. Pat. No. 5,020,105 (Field initialized authentication system for protective security of electronic information networks); U.S. Pat. No. 4,993,068 (Unforgettable personal identification system); U.S. Pat. No. 4,972,476 (Counterfeit proof ID card having a scrambled facial image); U.S. Pat. No. 4,961,142 (Multi-issuer transaction device with individual identification verification plug-in application modules for each issuer); U.S. Pat. No. 4,952,928 (Adaptable electronic monitoring and identification system); U.S. Pat. No. 4,941,173 (Device and method to render secure the transfer of data between a videotex terminal and a server); U.S. Pat. No. 4,926,480 (Card-computer moderated systems); U.S. Pat. No. 4,896,363 (Apparatus and method for matching image characteristics such as fingerprint minutiae); U.S. Pat. No. 4,890,323 (Data communication systems and methods); U.S. Pat. No. 4,868,376 (Intelligent portable interactive personal data system); U.S. Pat. No. 4,827,518 (Speaker verification system using integrated circuit cards); U.S. Pat. No. 4,819,267 (Solid state key for controlling access to computer systems and to computer software and/or for secure communications); U.S. Pat. No. 4,752,676 (Reliable secure, updatable “cash” card system); U.S. Pat. No. 4,736,203 (3D hand profile identification apparatus); U.S. Pat. No. 4,731,841 (Field initialized authentication system for protective security of electronic information networks); U.S. Pat. No. 4,564,018 (Ultrasonic system for obtaining ocular measurements), each of which is expressly incorporated herein by reference.
Content-Based Query Servers
U.S. Pat. No. 5,987,459 (Swanson, et al. Nov. 16, 1999), expressly incorporated herein by reference, relates to an image and document management system for content-based retrieval support directly into the compressed files. The system minimizes a weighted sum of the expected size of the compressed files and the expected query response time. Object searching of documents stored by the system is possible on a scalable resolution basis. The system includes a novel object representation based on embedded prototypes that provides for high-quality browsing of retrieval images at low bit rates.
U.S. Pat. No. 6,038,560 (Wical, Mar. 14, 2000), expressly incorporated herein by reference, relates to a concept knowledge base search and retrieval system, which includes factual knowledge base queries and concept knowledge base queries, is disclosed. A knowledge base stores associations among terminology/categories that have a lexical, semantic or usage association. Document theme vectors identify the content of documents through themes as well as through classification of the documents in categories that reflects what the documents are primarily about. The factual knowledge base queries identify, in response to an input query, documents relevant to the input query through expansion of the query terms as well as through expansion of themes. The concept knowledge base query does not identify specific documents in response to a query, but specifies terminology that identifies the potential existence of documents in a particular area.
U.S. Pat. No. 6,067,466 (Selker, et al., May 23, 2000), expressly incorporated herein by reference, relates to a diagnostic tool using a predictive instrument. A method is provided for evaluating a medical condition of a patient including the steps of monitoring one or more clinical features of a patient; based on the monitored features, computing a primary probability of a medical outcome or diagnosis; computing a plurality of conditional probabilities for a selected diagnostic test, the computed conditional probabilities including a first probability of the medical outcome or diagnosis assuming the selected diagnostic test produces a first outcome and a second probability of the medical outcome or diagnosis assuming the selected diagnostic test produces a second outcome; and displaying the computed primary probability as well as the plurality of computed conditional probabilities to a user as an aid to determining whether to administer the selected diagnostic test to the patient.
E-Commerce Systems
U.S. Pat. No. 5,946,669 (Polk, Aug. 31, 1999), expressly incorporated herein by reference, relates to a method and apparatus for payment processing using debit-based electronic funds transfer and disbursement processing using addendum-based electronic data interchange. This disclosure describes a payment and disbursement system, wherein an initiator authorizes a payment and disbursement to a collector and the collector processes the payment and disbursement through an accumulator agency. The accumulator agency processes the payment as a debit-based transaction and processes the disbursement as an addendum-based transaction. The processing of a debit-based transaction generally occurs by electronic funds transfer (EFT) or by financial electronic data interchange (FEDI). The processing of an addendum-based transaction generally occurs by electronic data interchange (EDI).
U.S. Pat. No. 6,005,939 (Fortenberry, et al., Dec. 21, 1999), expressly incorporated herein by reference, relates to a method and apparatus for storing an Internet user's identity and access rights to World Wide Web resources. A method and apparatus for obtaining user information to conduct secure transactions on the Internet without having to re-enter the information multiple times is described. The method and apparatus can also provide a technique by which secured access to the data can be achieved over the Internet. A passport containing user-defined information at various security levels is stored in a secure server apparatus, or passport agent, connected to computer network. A user process instructs the passport agent to release all or portions of the passport to a recipient node and forwards a key to the recipient node to unlock the passport information.
U.S. Pat. No. 6,016,484 (Williams, et al., Jan. 18, 2000), expressly incorporated herein by reference, relates to a system, method and apparatus for network electronic payment instrument and certification of payment and credit collection utilizing a payment. An electronic monetary system provides for transactions utilizing an electronic-monetary system that emulates a wallet or a purse that is customarily used for keeping money, credit cards and other forms of payment organized. Access to the instruments in the wallet or purse is restricted by a password to avoid unauthorized payments. A certificate form must be completed in order to obtain an instrument. The certificate form obtains the information necessary for creating a certificate granting authority to utilize an instrument, a payment holder and a complete electronic wallet. Electronic approval results in the generation of an electronic transaction to complete the order. If a user selects a particular certificate, a particular payment instrument holder will be generated based on the selected certificate. In addition, the issuing agent for the certificate defines a default bitmap for the instrument associated with a particular certificate, and the default bitmap will be displayed when the certificate definition is completed. Finally, the number associated with a particular certificate will be utilized to determine if a particular party can issue a certificate.
U.S. Pat. No. 6,029,150 (Kravitz, Feb. 22, 2000), expressly incorporated herein by reference, relates to a system and method of payment in an electronic payment system wherein a plurality of customers have accounts with an agent. A customer obtains an authenticated quote from a specific merchant, the quote including a specification of goods and a payment amount for those goods. The customer sends to the agent a single communication including a request for payment of the payment amount to the specific merchant and a unique identification of the customer. The agent issues to the customer an authenticated payment advice based only on the single communication and secret shared between the customer and the agent and status information, which the agent knows about the merchant, and/or the customer. The customer forwards a portion of the payment advice to the specific merchant. The specific merchant provides the goods to the customer in response to receiving the portion of the payment advice.
U.S. Pat. No. 6,047,269 (Biffar, Apr. 4, 2000), expressly incorporated herein by reference, relates to a self-contained payment system with creating and facilitating transfer of circulating digital vouchers representing value. A digital voucher has an identifying element and a dynamic log. The identifying element includes information such as the transferable value, a serial number and a digital signature. The dynamic log records the movement of the voucher through the system and accordingly grows over time. This allows the system operator to not only reconcile the vouchers before redeeming them, but also to recreate the history of movement of a voucher should an irregularity like a duplicate voucher be detected. These vouchers are used within a self-contained system including a large number of remote devices that are linked to a central system. The central system can e linked to an external system. The external system, as well as the remote devices, is connected to the central system by any one or a combination of networks. The networks must be able to transport digital information, for example the Internet, cellular networks, telecommunication networks, cable networks or proprietary networks. Vouchers can also be transferred from one remote device to another remote device. These remote devices can communicate through a number of methods with each other. For example, for a non-face-to-face transaction the Internet is a choice, for a face-to-face or close proximity transactions tone signals or light signals are likely methods. In addition, at the time of a transaction a digital receipt can be created which will facilitate a fast replacement of vouchers stored in a lost remote device.
Micropayments
U.S. Pat. No. 5,999,919 (Jarecki, et al., Dec. 7, 1999), expressly incorporated herein by reference, relates to an efficient micropayment system. Existing software proposals for electronic payments can be divided into “on-line” schemes which require participation of a trusted party (the bank) in every transaction and are secure against overspending, and “off-line” schemes which do not require a third party and guarantee only that overspending is detected when vendors submit their transaction records to the bank (usually at the end of the day). A new “hybrid” scheme is proposed which combines the advantages of both “on-line” and “off-line” electronic payment schemes. It allows for control of overspending at a cost of only a modest increase in communication compared to the off-line schemes. The protocol is based on probabilistic polling. During each transaction, with some small probability, the vendor forwards information about this transaction to the bank. This enables the bank to maintain an accurate approximation of a customer's spending. The frequency of polling messages is related to the monetary value of transactions and the amount of overspending the bank is willing to risk. For transactions of high monetary value, the cost of polling approaches that of the on-line schemes, but for micropayments, the cost of polling is a small increase over the traffic incurred by the off-line schemes.
Micropayments are often preferred where the amount of the transaction does not justify the costs of complete financial security. In the micropayment scheme, typically a direct communication between creditor and debtor is not required; rather, the transaction produces a result which eventually results in an economic transfer, but which may remain outstanding subsequent to transfer of the underlying goods or services. The theory underlying this micropayment scheme is that the monetary units are small enough such that risks of failure in transaction closure is relatively insignificant for both parties, but that a user gets few chances to default before credit is withdrawn. On the other hand, the transaction costs of a non-real time transactions of small monetary units are substantially less than those of secure, unlimited or potentially high value, real time verified transactions, allowing and facilitating such types of commerce. Thus, the rights management system may employ applets local to the client system, which communicate with other applets and/or the server and/or a vendor/rights-holder to validate a transaction, at low transactional costs.
The following U.S. Patents, expressly incorporated herein by reference, define aspects of micropayment, digital certificate, and on-line payment systems: U.S. Pat. No. 5,930,777 (Barber, Jul. 27, 1999, Method of charging for pay-per-access information over a network); U.S. Pat. No. 5,857,023 (Jan. 5, 1999, Demers et al., Space efficient method of redeeming electronic payments); U.S. Pat. No. 5,815,657 (Sep. 29, 1998, Williams, System, method and article of manufacture for network electronic authorization utilizing an authorization instrument); U.S. Pat. No. 5,793,868 (Aug. 11, 1998, Micali, Certificate revocation system), U.S. Pat. No. 5,717,757 (Feb. 10, 1998, Micali, Certificate issue lists); U.S. Pat. No. 5,666,416 (Sep. 9, 1997, Micali, Certificate revocation system); U.S. Pat. No. 5,677,955 (Doggett et al., Electronic funds transfer instruments); U.S. Pat. No. 5,839,119 (Nov. 17, 1998, Krsul; et al., Method of electronic payments that prevents double-spending); U.S. Pat. No. 5,915,093 (Berlin et al.); U.S. Pat. No. 5,937,394 (Wong, et al.); U.S. Pat. No. 5,933,498 (Schneck et al.); U.S. Pat. No. 5,903,880 (Biffar); U.S. Pat. No. 5,903,651 (Kocher); U.S. Pat. No. 5,884,277 (Khosla); U.S. Pat. No. 5,960,083 (Sep. 28, 1999, Micali, Certificate revocation system); U.S. Pat. No. 5,963,924 (Oct. 5, 1999, Williams et al., System, method and article of manufacture for the use of payment instrument holders and payment instruments in network electronic commerce); U.S. Pat. No. 5,996,076 (Rowney et al., System, method and article of manufacture for secure digital certification of electronic commerce); U.S. Pat. No. 6,016,484 (Jan. 18, 2000, Williams et al., System, method and article of manufacture for network electronic payment instrument and certification of payment and credit collection utilizing a payment); U.S. Pat. No. 6,018,724 (Arent); U.S. Pat. No. 6,021,202 (Anderson et al., Method and system for processing electronic documents); U.S. Pat. No. 6,035,402 (Vaeth et al.); U.S. Pat. No. 6,049,786 (Smorodinsky); U.S. Pat. No. 6,049,787 (Takahashi, et al.); U.S. Pat. No. 6,058,381 (Nelson, Many-to-many payments system for network content materials); U.S. Pat. No. 6,061,448 (Smith, et al.); U.S. Pat. No. 5,987,132 (Nov. 16, 1999, Rowney, System, method and article of manufacture for conditionally accepting a payment method utilizing an extensible, flexible architecture); U.S. Pat. No. 6,057,872 (Candelore); and U.S. Pat. No. 6,061,665 (May 9, 2000, Bahreman, System, method and article of manufacture for dynamic negotiation of a network payment framework). See also, Rivest and Shamir, “PayWord and MicroMint: Two Simple Micropayment Schemes” (May 7, 1996); Micro PAYMENT transfer Protocol (MPTP) Version 0.1 (22 Nov. 95) et seq., www.w3.org/pub/WWW/TR/WD-mptp; Common Markup for web Micropayment Systems, www.w3.org/TR/WD-Micropayment-Markup (9 Jun. 99); “Distributing Intellectual Property: a Model of Microtransaction Based Upon Metadata and Digital Signatures”, Olivia, Maurizio, olivia.modlang.denison.edu/˜olivia/RFC/09/, all of which are expressly incorporated herein by reference.
See, also: U.S. Pat. No. 4,977,595 (Dec. 11, 1990, Method and apparatus for implementing electronic cash); U.S. Pat. No. 5,224,162 (Jun. 29, 1993, Electronic cash system); U.S. Pat. No. 5,237,159 (Aug. 17, 1993, Electronic check presentment system); U.S. Pat. No. 5,392,353 (February 1995, Morales, TV Answer, Inc. Interactive satellite broadcast network); U.S. Pat. No. 5,511,121 (Apr. 23, 1996, Efficient electronic money); U.S. Pat. No. 5,621,201 (April 1997, Langhans et al., Visa International Automated purchasing control system); U.S. Pat. No. 5,623,547 (Apr. 22, 1997, Value transfer system); U.S. Pat. No. 5,679,940 (October 1997, Templeton et al., TeleCheck International, Inc. Transaction system with on/off line risk assessment); U.S. Pat. No. 5,696,908 (December 1997, Muehlberger et al., Southeast Phonecard, Inc. Telephone debit card dispenser and method); U.S. Pat. No. 5,754,939 (May 1998, Herz et al., System for generation of user profiles for a system for customized electronic identification of desirable objects); U.S. Pat. No. 5,768,385 (Jun. 16, 1998, Untraceable electronic cash); U.S. Pat. No. 5,799,087 (Oct. 25, 1998, Electronic-monetary system); U.S. Pat. No. 5,812,668 (Sep. 22, 1998, System, method and article of manufacture for verifying the operation of a remote transaction clearance system utilizing a multichannel, extensible, flexible architecture); U.S. Pat. No. 5,828,840 (Oct. 27, 1998, Server for starting client application on client if client is network terminal and initiating client application on server if client is non network terminal); U.S. Pat. No. 5,832,089 (Nov. 3, 1998, Off-line compatible electronic cash method and system); U.S. Pat. No. 5,850,446 (Dec. 15, 1998, System, method and article of manufacture for virtual point of sale processing utilizing an extensible, flexible architecture); U.S. Pat. No. 5,889,862 (Mar. 30, 1999, Method and apparatus for implementing traceable electronic cash); U.S. Pat. No. 5,889,863 (Mar. 30, 1999, System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture); U.S. Pat. No. 5,898,154 (Apr. 27, 1999, System and method for updating security information in a time-based electronic monetary system); U.S. Pat. No. 5,901,229 (May 4, 1999, Electronic cash implementing method using a trustee); U.S. Pat. No. 5,920,629 (Jul. 6, 1999, Electronic-monetary system); U.S. Pat. No. 5,926,548 (Jul. 20, 1999, Method and apparatus for implementing hierarchical electronic cash); U.S. Pat. No. 5,943,424 (Aug. 24, 1999, System, method and article of manufacture for processing a plurality of transactions from a single initiation point on a multichannel, extensible, flexible architecture); U.S. Pat. No. 5,949,045 (Sep. 7, 1999, Micro-dynamic simulation of electronic cash transactions); U.S. Pat. No. 5,952,638 (Sep. 14, 1999, Space efficient method of electronic payments); U.S. Pat. No. 5,963,648 (Oct. 5, 1999, Electronic-monetary system); U.S. Pat. No. 5,978,840 (System, method and article of manufacture for a payment gateway system architecture for processing encrypted payment transactions utilizing a multichannel, extensible, flexible architecture); U.S. Pat. No. 5,983,208 (Nov. 9, 1999, System, method and article of manufacture for handling transaction results in a gateway payment architecture utilizing a multichannel, extensible, flexible architecture); U.S. Pat. No. 5,987,140 (Nov. 16, 1999, System, method and article of manufacture for secure network electronic payment and credit collection); U.S. Pat. No. 6,002,767 (Dec. 14, 1999, System, method and article of manufacture for a modular gateway server architecture); U.S. Pat. No. 6,003,765 (Dec. 21, 1999, Electronic cash implementing method with a surveillance institution, and user apparatus and surveillance institution apparatus for implementing the same); U.S. Pat. No. 6,021,399 (Feb. 1, 2000, Space efficient method of verifying electronic payments); U.S. Pat. No. 6,026,379 (Feb. 15, 2000, System, method and article of manufacture for managing transactions in a high availability system); U.S. Pat. No. 6,029,150 (Feb. 22, 2000, Payment and transactions in electronic commerce system); U.S. Pat. No. 6,029,151 (Feb. 22, 2000, Method and system for performing electronic money transactions); U.S. Pat. No. 6,047,067 (Apr. 4, 2000, Electronic-monetary system); U.S. Pat. No. 6,047,887 (Apr. 11, 2000, System and method for connecting money modules); U.S. Pat. No. 6,055,508 (Apr. 25, 2000, Method for secure accounting and auditing on a communications network); U.S. Pat. No. 6,065,675 (May 23, 2000, Processing system and method for a heterogeneous electronic cash environment); U.S. Pat. No. 6,072,870 (Jun. 6, 2000, System, method and article of manufacture for a gateway payment architecture utilizing a multichannel, extensible, flexible architecture), each of which is expressly incorporated herein by reference.
Neural Networks
The resources relating to Neural Networks, listed in the Neural Networks References Appendix, each of which is expressly incorporated herein by reference, provides a sound basis for understanding the field of neural networks (and the subset called artificial neural networks, which distinguish biolofical systems) and how these might be used to solve problems. A review of these references will provide a state of knowledge appropriate for an understanding of aspects of the invention which rely on Neural Networks, and to avoid a prolix discussion of no benefit to those already possessing an appropriate state of knowledge.
Wavelets
The following resources listed in the Wavelets References Appendix relate to Wavelets and wavelet based analysis, each of which is expressly incorporated herein by reference, provides a sound basis for understanding the mathematical basis for wavelet theory and analysis using wavelet transforms and decomposition, and how these might be used to solve problems or extract useful information from a signal. A review of these references will assure a background in this field for an understanding of aspects of the invention which rely on wavelet theory.
Telematics
The resources relating to telematics listed in the Telematics Appendix, each of which is expressly incorporated herein by reference, provides a background in the theory and practice of telematics, as well as some of the underlying technologies. A review of these references is therefore useful in inderstanding practical issues and the context of functions and technologies which may be used in conjunction with the advances set forth herein.
Game Theory
The following resources listed in the Game Theory References Appendix, relating to Game Theory, each of which is expressly incorporated herein by reference, provides a basis for understanding Game Theory and its implications for the design, control, and analysis of systems and networks. A review of these references will assure a background in this field for an understanding of aspects of the invention which relate to game Theory.
Use of Game Theory to Control Ad Hoc Networks
The resources relating to ad hoc networks and game theory listed in the Game Theory and Ad Hoc Networks References Appendix, each of which is expressly incorporated herein by reference, provides a sound basis for understanding the implications of game theory for the design, control and analysis of communications networks, and in particular, ad hoc networks. A review of these references will assure a background in this field for an understanding of aspects of the invention which rely on these topics.
The following patents are expressly incorporated herein by reference: U.S. Pat. Nos. 6,640,145, 6,418,424, 6,400,996, 6,081,750, 5,920,477, 5,903,454, 5,901,246, 5,875,108, 5,867,386, 5,774,357, 6,429,812, and 6,252,544.